Workflow

Conda-vendor

Latest version: v1.0.3

Safety actively analyzes 623075 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 4

1.0.3

* update pypi release workfow
* increment version number in the code

1.0.2

* fixes relative path issue in `repodata.json`

1.0.1

Previously the `--ironbank-gen` flag would output the generated manifest to stdout. This was causing issues when capturing standard output for automated workflows, because informational messages would also be captured.

This change makes the manifest output to a file called `ib_manifest.yaml` in the current working directory instead.

1.0.0

bash
use conda as the solver for linux-64
conda-vendor vendor --file environment.yaml --solver conda --platform linux-64

use mamba as the solver for osx-64
conda-vendor vendor --file environment.yaml --solver mamba --platform osx-64

use micromamba as the solver for the host platform
conda-vendor vendor --file environment.yaml --solver micromamba

dry-run outputs formatted JSON
conda-vendor vendor --file environment.yaml --solver mamba --platform linux-64 --dry-run True


Screenshots:
Conda-vendor Improved UX:
![image](https://user-images.githubusercontent.com/28741910/162763390-1797aa0e-b6d3-4494-8cd3-6dba5056f99d.png)

`repodata.json` hotfix progress bar and package download progress bar:
![image](https://user-images.githubusercontent.com/28741910/162763503-80a41a15-43d8-4351-80c0-5d410e1c0671.png)

Dry-Run formatted JSON output:
![image](https://user-images.githubusercontent.com/28741910/162763757-db47f534-efb5-4651-9a86-c6cb6bf03d9b.png)


`ironbank-gen` subcommand (returns formatted text that can be copied into Ironbank's hardening manifest):
![image](https://user-images.githubusercontent.com/28741910/162836858-b516c97b-1182-4cdb-a9e7-e740efc188c9.png)


Example IronBank Workflow:
1) Generate the vendored channel and output the IronBank Hardening Manifest resources to stdout:
bash
conda-vendor vendor --file my-environment.yaml --solver micromamba --platform linux-64 --ironbank-gen True

2) Copy the output `resources` block to your IronBank `hardening_manifest.yaml`:
yaml
- url: https://conda.anaconda.org/conda-forge/linux-64/micromamba-0.22.0-0.tar.bz2
filename: micromamba-0.22.0-0.tar.bz2
validation:
type: sha256
value: f8d6d9ab832401f8f32e161d5043b28fd7f043d8f0829ab5388f6e4a4256524a
- url: https://conda.anaconda.org/conda-forge/linux-64/_libgcc_mutex-0.1-conda_forge.tar.bz2
filename: _libgcc_mutex-0.1-conda_forge.tar.bz2
validation:
type: sha256
value: fe51de6107f9edc7aa4f786a70f4a883943bc9d39b3bb7307c04c41410990726
- url: https://conda.anaconda.org/conda-forge/linux-64/libstdcxx-ng-11.2.0-he4da1e4_15.tar.bz2
filename: libstdcxx-ng-11.2.0-he4da1e4_15.tar.bz2
validation:
type: sha256
value: cc84f71bb9dbecde453a25ba8c5aefc9773da5d619633c103eb8bac1ab4afda0

3) Copy over your patched `repodata.json` files from your vendored channel to the appropriate directory in your IronBank Project

0.1.15

- change dependency from pyyaml to ruamel. Code will now throw an error when passed yaml files that have duplicate keys.

0.1.14

- Fixes bug where pip wasn't actually being added as dependency when python was present

Page 1 of 4

Links

Releases

Has known vulnerabilities

Next

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.